Privacy ≠ Anonymity

"The right to be let alone"
Warren & Brandeis (1890)



When someone knows you, they should respect the knowledge they have about you

Privacy is a state where a party that has Personal Information about you is constrained in how they use that information



Maybe not intuitive ...

Personal Information

Information or an opinion, whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained

Privacy Act 1988



Copyright © 2012-13 Lockstep Consulting

Lockstep AusCERT 2013 Designing Privacy by Design (1.2) HANDOUTS



Designing Privacy by Design 



May 2013 



Case 1: Street View Wi-Fi



SSIDs collected to enhance geo-location 
"Accidentally" collected Wi-Fi contents 
Unencrypted data may be identifiable 
"Public domain"? 
European, Australian, US responses 



Case 2: Facial recognition 



Biometric templates generated from tags 
Facial recognition creates new tag suggestions 
European regulatory decision 
In Australia, biometrics will soon be Sensitive 
Case 3: Pregnancy predictor



• Classic Big Data 

• Health Information is Sensitive

• Cannot be collected without consent 

• Big Data stretches Collection Principle 



Privacy Impact Assessment



• Quasi-standardised: 
- Situation analysis 

- Information flows 
- Gap analysis against relevant Privacy Principles 
- Recommendations 

• Repeat as necessary 

• Classically a compliance tool 

• But the sooner the better 
Information flow mapping

Hybrid Threat & Risk Assess

[Diagram labels: Identify (Confidentiality, Integrity, Availability, Accessibility, Permissibility, Sensitivity, Transparency, Quality); Estimate Likelihood; Accepted; Select countermeasures; Sign off Residual; Implement countermeasures (policies, processes, tech); Destruction]
Privacy is ...



• Not about security 

• Not about secrecy 

- Few people actually want anonymity 

• All about control 

• All about respect 

• Reducible to engineering requirements 






Further reading 



Siri: A penny for your thoughts? Lockstep March 2012
http://lockstep.com.au/blog/2012/03/12/a-penny-for-your-thoughts

What stops Target telling you're pregnant? Lockstep March 2012
http://lockstep.com.au/blog/2012/03/07/target-tells-youre-pregnant

Not too late for privacy Lockstep October 2012
http://lockstep.com.au/blog/2012/10/29/not-too-late-for-privacy

The beginning of privacy Lockstep February 2013
http://lockstep.com.au/blog/2013/02/12/the-beginning-of-privacy

Facebook suspends photo tag tool in Europe BBC 21 Sep 2012
http://www.bbc.co.uk/news/technology-19675172

DNA hacking, MIT
http://wi.mit.edu/news/archive/2013/scientists-expose-new-vulnerabilities-security-personal-genetic-information



Discussion 